DATA PROTECTION

“Personal data” means any information relating to an identified or identifiable natural person (hereinafter referred to as “Data Subject”); an identifiable person is a person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. a cookie) or one or more specific factors that characterize to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. “Processing” means any operation or set of operations performed, whether or not automatically, on the basis of Personal Data. The term is broad and encompasses almost all forms of data processing. “Pseudonymization”: the Processing of Personal Data in such a way that the Personal Data cannot be traced back to a specific Data Subject without the inclusion of additional information, provided that this additional information is kept separately and is subject to technical and organizational measures that ensure that the Personal Data cannot be traced back become an identified or identifiable natural person. “Profiling”: any automated Processing of Personal Data consisting of the use of Personal Data to evaluate certain personal aspects of a natural person, in particular for the purpose of analyzing or predicting aspects related to the performance of the work, the economic situation, health, personal preferences, interests, reliability, the behaviour, location or movement of that natural person. “Controller” means the natural or legal person, public authority, agency or any other body that alone or jointly with others determines the purpose and means of the Processing of Personal Data. “Processor”: any natural or legal person, public authority, service or other body that processes Personal Data on behalf of the Controller.

Relevant legal bases
In accordance with Article 13 of the GDPR, we inform you about the legal basis of our data processing. If the legal basis is not stated in the privacy statement, the following applies.Right to be forgotten case legal basis for obtaining consent falls under Article 6(1)(a) and Article 7 of the GDPR, the legal basis for the Processing for the purpose of execution of our services and the implementation of contractual measures and the answering of questions falls under Article 6(1)(b) of the GDPR, the legal basis for the Processing for the performance of our legal obligations falls under Article 6(1) , point c of the GDPR, and the legal basis for the Processing for the purpose of safeguarding our legitimate interests falls under Article 6(1)(f) of the GDPR.

Safety precautions
In accordance with Article 32 of the GDPR and taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purpose of the Processing, as well as the degree of probability of occurrence and the seriousness of the risk to rights and freedoms of natural persons, we take appropriate technical and organizational measures to ensure a level of protection adapted to the risk. These measures include, in particular, ensuring the confidentiality, integrity and availability of Data by controlling physical access to Data, as well as access, input, disclosure, guaranteeing its availability and segregation. In addition, we have established procedures to ensure that Data Subjects' rights are exercised, the Data will be erased and we will respond to any threats to the Data. In addition, we already consider the protection of Personal Data in the development or selection of hardware, software and processes, in accordance with the principle of data protection through technology design and through data protection-friendly presets (Article 25 of the GDPR).

Collaboration with Processors and third parties
If we disclose, transfer or otherwise grant them access to the Data to other persons and companies (Processors or third parties) in the context of our processing, this will only be done on the basis of a legal authorization (e.g. if the Data must be transferred to third parties, such as payment service providers in accordance with Article 6 (1) (b) of the GDPR for the execution of the contract), if you have given your consent, if a legal obligation provides for this or on the basis of our legitimate interests (e.g. when deploying contractors, web hosts, etc.). If we instruct third parties to process Data on the basis of a so-called "contract settlement agreement", this is done on the basis of Article 28 of the GDPR.